CVE-2008-0606

CVE-2008-0606 describes a SQL injection vulnerability in the Shambo2 (com_shambo2) component used by Mambo and Joomla!. The vulnerability is triggered in index.php via the Itemid parameter, allowing remote attackers to execute arbitrary SQL commands. Multiple sources (NVD, CVE lists, Prio) consis...

CVE-2008-0603

The vulnerability CVE-2008-0603 affects the amazOOP Awesom! (com_awesom) 0.3.2 component for Mambo/Joomla!, with the SQL injection in index.php via the listid parameter in the viewlist task. The underlying issue is a SQL injection in the affected component/file that allows remote attackers to man...

CVE-2008-0602

CVE-2008-0602 affects All Club CMS (ACCMS) versions 0.0.1f and earlier. The vulnerability is a directory traversal flaw in index.php that allows remote attackers to include and execute arbitrary local files via traversal sequences in the class_name parameter. Client impact per CVSS2 is Partial co...

CVE-2008-0609

CVE-2008-0609 describes a directory traversal vulnerability in DivideConcept VHD Web Pack 2.0 (index.php) that allows remote attackers to include and execute arbitrary local files via .. in the page parameter. The NVD lists a base score of 7.5 (HIGH) with network access, low attack complexity, an...

Mambo Component com_downloads - SQL Injection

Mambo Component comdownloads - SQL Injection joomla SQL Injectioncomdownloadsfilecatid AUTHOR : S@BUN HOME : http://www.hackturkiye.com DORKS 1 : allinurl :"comdownloads"filecatid EXPLOIT :...

Mambo Component com_downloads - SQL Injection

joomla SQL Injectioncomdownloadsfilecatid AUTHOR : S@BUN HOME : http://www.hackturkiye.com DORKS 1 : allinurl :"comdownloads"filecatid EXPLOIT :...

CVE-2008-0579

CVE-2008-0579 : A SQL injection vulnerability is present in Joomla!’s buslicense component (com_buslicense) in index.php, exploitable via the aid parameter in a list action, potentially enabling remote arbitrary SQL execution. Exploits are documented (e.g., Exploit-DB 5011). No remediation detail...

CVE-2008-0574

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action...

CVE-2008-0574

The provided connected and main CVE docs confirm CVE-2008-0574 is an XSS vulnerability in webSPELL 4.01.02. Specifically, index.php is vulnerable via the sort parameter in the whoisonline action, enabling remote attackers to inject arbitrary web script/HTML. Impact is consistent with an XSS in wh...

CVE-2008-0559

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the permalink parameter in core.php, accessed through index.php; and 2 the thispost parameter in comments.php...

Directory traversal

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the permalink parameter in core.php, accessed through index.php; and 2 the thispost parameter in comments.php...

Sql injection

SQL injection vulnerability in index.php in the CatalogShop comcatalogshop 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action...

CVE-2008-0557

CVE-2008-0557 affects CatalogShop (com_catalogshop) 1.0b1 for Mambo/Joomla!, with an SQL injection in index.php via the id parameter in the detail action. This remote-vector vulnerability could allow attackers to execute arbitrary SQL commands. The attached connected documents confirm the issue b...

CVE-2008-0559

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the permalink parameter in core.php, accessed through index.php; and 2 the thispost parameter in comments.php...

CVE-2008-0562

The vulnerability CVE-2008-0562 affects the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla!, where an SQL injection can be triggered through the id parameter in a detail action (index.php). The issue is confirmed to be exploitable remotely over the network with low attack complexi...

Mambo Component Shambo2 - itemID SQL Injection

Mambo Component Shambo2 - itemID SQL Injection joomla SQL Injectioncomshambo2 AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DORKS 1 : allinurl :"comshambo2" EXPLOIT :...

joomlamosdir-sql.txt

Joomla Component mosDirectory 2.3.2 catid Remote SQL Injection Vulnerability Script : : Dork : inurl:index.php?option=comdirectory Injection Adress : /index.php?option=comdirectory&page=viewcat&catid=SQL Code SQL Code : -1//union//select//0,concatusername,0x3a,password//from//josusers/ aNa TrYaGi...

phpshop-sql.txt

Vendor : PHPShop Webiste : http://www.phpshop.org Version : v0.8.1 Author: the redc0ders / theredc0dersatgmaildotcom Condition: magicquotegpc = off , in php.ini setting Details : ========== Vulnerable Code in index.php near lines 98 - 128 code // basic SQL inject detection $myinsecurearray =...

BookmarkX script 2007 (topicid) Remote SQL Injection Vulnerability

No description provided by source. BookmarkX scriptPowered by GengoliaWebStudioSQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "2007 BookmarkX script" DORKS 2 : Powered by GengoliaWebStudio DORK 3 : allinurl :"index.php?menu=showtopic" EXPLOIT :...

Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================== Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability ============================================================== Joomla Component Markplace 1.1.1 Remote Sql...